[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-01。"],[],[],null,["# Using OAuth2 access tokens\n\nYou can use access tokens to authenticate for a short period of time with\nGoogle Cloud APIs. If access tokens are not required, you should use a\n[service account](/kubernetes-engine/enterprise/knative-serving//docs/securing/service-accounts) to authenticate\nyour Knative serving services.\n\nFetching access tokens\n----------------------\n\nWhen your code runs on Knative serving it can use the\n[Compute Metadata Server](/compute/docs/storing-retrieving-metadata)\nto fetch access tokens. You cannot query the metadata server directly from your\nlocal computer.\n\n### Access tokens\n\nBy default, access tokens have the `cloud-platform` scope, which allows access\nto all Google Cloud APIs, assuming Identity and Access Management also allows access. In order to\naccess other Google or Google Cloud APIs, you will need to fetch an access\ntoken with the appropriate scope.\n\nYou can use the Compute Metadata Server to\n[fetch access tokens](/compute/docs/access/create-enable-service-accounts-for-instances#applications).\n\nIf you need an access token with a specific scope, you can generate one as\nfollows: \n\n```bash\ncurl \"http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token?scopes=\u003cvar translate=\"no\"\u003e[SCOPES]\u003c/var\u003e\" \\\n -H \"Metadata-Flavor: Google\"\n```\n\nWhere \u003cvar translate=\"no\"\u003eSCOPES\u003c/var\u003e is a comma separated list of OAuth scopes\nrequested, for example: `https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/spreadsheets`.\n\nConsult the full list of [Google OAuth scopes](https://developers.google.com/identity/protocols/googlescopes)\nto find which scopes you need.\n| **Note:** the `?scopes=` query parameter is only available on App Engine, Cloud Run functions, Cloud Run, and Knative serving.\n\nNext steps\n----------\n\nLearn how to [manage access](/kubernetes-engine/enterprise/knative-serving/docs/securing/managing-access) to your\nservices."]]